Do I need an AML Licence in Australia?
“Do I need an AML Licence in Australia?” is a commonly asked question. You might be surprised to learn that there is in fact no such thing as an Australian AML Licence.
But, if you provide one or more “designated services” in a way that has a geographical link to Australia, you will be a “reporting entity”. A reporting entity is required to enrol with the Australian Transaction Reports and Analysis Centre (AUSTRAC) and there are additional registration requirements for reporting entities that provide remittance-related services or digital currency exchange services.
Australia’s Anti-Money Laundering & Counter Terrorism Financing (AML/CTF) regime
Australia’s AML/CTF regime is designed to address the threats that money laundering and counter terrorism financing (ML/TF) pose to Australia’s national security and the integrity of key sectors of the economy, and to bring Australia into compliance with international AML/CTF standards developed by the Financial Action Taskforce (FATF).
The Australian AML/CTF regime is comprised of the Anti-Money Laundering and Counter-Terrorism Act 2006 (Cth) (AML/CTF Act) and the Anti-Money Laundering and Counter-Terrorism Financing Rules Instrument 2007 (No. 1) (AML/CTF Rules).
The AML/CTF Act:
- attempts to fulfil Australia’s international obligations to combat ML/TF activity;
- promotes public confidence in the Australian financial system;
- provides Australian government bodies with powers to collect and share information to investigate and prosecute ML/TF offences; and
- implements measures to detect, deter and disrupt ML/TF and other serious financial crimes by imposing obligations on reporting entities.
The AML/CTF Rules supplement the AML/CTF Act and set out how reporting entities are required to meet their AML/CTF obligations.
The regulator – AUSTRAC
AUSTRAC is the Australian Government body responsible for ensuring compliance with the AML/CTF regime. It is responsible for:
- supervising compliance with the requirements of the AML/CTF regime;
- collecting and analysing the financial intelligence obtained through the reports submitted to it by reporting entities; and
- disseminating the intelligence for investigation by law enforcement, national security, revenue and regulatory agencies, as well as international counterparts.
There are also a number of actions that AUSTRAC can take against a reporting entity for non-compliance with the AML/CTF regime including entering into enforceable undertakings, issuing infringement notices, making remedial directions, issuing written notices, taking steps to suspend a reporting entity’s registration on the Remittance Sector Register and/or the Digital Currency Exchange Register or commencing proceedings to enforce compliance and/or to seek penalties.
Some reporting entities must pay an annual industry contribution levy to AUSTRAC to cover AUSTRAC’s operating costs. Reporting entities that meet one or more of the following are generally required to pay the industry levy:
- have annual earnings of $100 million or more;
- have a large number of transaction reports relative to other entities;
- have a high total value of lodged transaction reports during a calendar year relative to other entities.
As noted above, if you provide one or more designated services in a way that has a geographical link to Australia, you will be a reporting entity and therefore fall within the ambit of the AML/CTF regime (for example, banks, financial services providers, the gambling industry and money service businesses or MSBs). A reporting entity can be an individual, business or organisation.
Reporting entities must register and enrol with AUSTRAC within 28 days of providing a designated service. However, if a reporting entity is providing remittance-related services or digital currency exchange services, they must ensure that they are enrolled on AUSTRAC’s Remittance Sector Register and/or Digital Currency Register before they provide those designated services.
In addition, reporting entities must comply with various AML/CTF obligations as set out in the AML/CTF Act and AML/CTF Rules. These obligations include implementing systems and controls which manage the risk that their business could be used for ML/TF, having an AML/CTF Program, keeping records and reporting certain activities to AUSTRAC.
As already noted, there are additional registration requirements for reporting entities that provide remittance-related services or digital currency exchange services. In addition to enrolling with AUSTRAC as a reporting entity, a reporting entity that provides remittance services must also register on the Remittance Sector Register before providing remittance-related services, and a reporting entity that provides digital currency exchange services must register on the Digital Currency Exchange Register before providing digital currency exchange services. Registration on both the Remittance Sector Register and the Digital Currency Exchange Register is valid for 3 years and must be renewed prior to the end of each 3 year period.
Reporting entities must be fully compliant with their obligations under the AML/CTF regime. The AML/CTF Act sets out the policies and procedures which must be implemented by the reporting entity and documented in its AML/CTF Program. These obligations include:
- enrolling (and in some cases, registering) with AUSTRAC (and ensuring that their enrolment and registration details remain current);
- adopting and maintaining an AML/CTF Program that mitigates and manages the risk that its business could be used for ML/TF activity, after undertaking a ML/TF risk assessment of its business;
- undertaking enhanced and ongoing customer due diligence;
- undertaking employee due diligence;
- conducting AML/CTF risk awareness training;
- lodging an annual compliance report with AUSTRAC;
- reporting suspicious matters to AUSTRAC;
- reporting threshold transactions to AUSTRAC (if applicable);
- reporting international funds transfer instructions to AUSTRAC (if applicable);
- arranging for its AML/CTF Program to be independently reviewed on a regular basis, for compliance with the AML/CTF legislation; and
- complying with its record keeping obligations in relation to customer identification, transactions and its AML/CTF Program.
The AML/CTF Act requires a reporting entity’s systems and controls to be documented in a written AML/CTF Program. A reporting entity’s AML/CTF Program must be risk based, such that it is tailored to reflect the risk that the reporting entity’s business could be used for ML/TF purposes.
The first step in preparing and maintaining an AML/CTF Program is conducting the ML/TF Risk Assessment. A reporting entity is required to consider (at a business or enterprise-wide level) the risks that its business could be used for ML/TF, and to implement procedures which manage those risks. The procedures developed to address these risks then form part of the reporting entity’s AML/CTF Program.
An AML/CTF Program consists of two parts: Part A and Part B.
The primary purpose of Part A of an AML/CTF Program is to identify, manage and mitigate the ML/TF risks a reporting entity may face in relation to the provision of its designated services. That is, Part A of an AML/CTF Program sets out the governance and management oversight procedures of the reporting entity covering:
- the reporting entity’s ML/TF risk assessment;
- Board oversight and management procedures;
- appointment of an AML/CTF compliance officer;
- employee due diligence procedures;
- employee training;
- reporting obligations;
- independent review of the AML/CTF Program;
- record keeping obligations;
- ongoing customer due diligence procedures; and
- outsourcing of AML/CTF obligations.
A reporting entity must conduct risk-based Know Your Customer (KYC) checks on all customers before it provides a designated service to the customer. Accordingly, the objective of Part B of an AML/CTF Program is to enable the reporting entity to know its customers (and ensure they are who they claim to be) and to understand the nature and purpose of the customer’s relationship with the reporting entity. The reporting entity’s KYC procedures should reflect the ML/TF risk posed by each customer, so that customers posing a higher level of ML/TF risk will be subject to additional or more stringent customer due diligence checks.
If two or more reporting entities are also members of the same corporate group, or have entered into a joint venture agreement, they may form a Designated Business Group (DBG). Members of a DBG can adopt and operate under a single AML/CTF Program, called a Joint AML/CTF Program. However, each entity remains ultimately responsible for meeting its AML/CTF obligations.
If a reporting entity holds an Australian Financial Services Licence and the only designated service that it provides is that it arranges for its customers to receive another designated service (referred to as an Item 54 designated service), the reporting entity may instead implement a Special AML/CTF Program.
How can we help?
At Holley Nethercote Lawyers, we can provide you with comprehensive and practical advice on compliance with your AML/CTF obligations. We can also provide bespoke AML/CTF training for your organisation which is tailored to the services you provide and the ML/TF risks which are relevant for your business. We are also experienced at conducting independent reviews of your AML/CTF Program and its implementation. Speak to one of our AML/CTF experts for more information and to get the process started.
Author: Rachel Erlich (Senior Associate)